Overview

overview

10

Static

static

10

9b11d4f9df...26.exe

windows7-x64

10

9b11d4f9df...26.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9b11d4f9dfe876e7fcc7f7266475ea0a743c1130a4ae65fb22c8469ecae8d726

  • Size

    840KB

  • MD5

    56c5f426b1cdba05b3c509ab36d892c8

  • SHA1

    973ea6062306e6885cb9dbd8aae531f68c6f9f72

  • SHA256

    9b11d4f9dfe876e7fcc7f7266475ea0a743c1130a4ae65fb22c8469ecae8d726

  • SHA512

    b887d6538a26e4bb04d5fdfa1cfa5b50349799c7012a616375adb823b0d4f4f1154c55b47d8841bea96ce7ddb97ce5be7f105bd9ff780ea13456a03e850e13dd

  • SSDEEP

    24576:k9KS04YNEMuExDiU6E5R9s8xY/2l/dO5Ibt+ry:k9G4auS+UjfU2TQIbt+r

Score
10/10
rat1337testorcus

Malware Config

Extracted

Family

orcus

Botnet

1337test

C2

5email-hitting.gl.at.ply.gg

Mutex

b018d32e87de4be29307720637b74310

Attributes
  • administration_rights_required

    false

  • anti_debugger

    false

  • anti_tcp_analyzer

    false

  • antivm

    false

  • autostart_method

    1

  • change_creation_date

    false

  • force_installer_administrator_privileges

    false

  • hide_file

    false

  • install

    false

  • installation_folder

    %appdata%\Microsoft\Speech\AudioDriver.exe

  • installservice

    false

  • keylogger_enabled

    false

  • newcreationdate

    10/24/2024 21:17:46

  • plugins

    AgEAAA==

  • reconnect_delay

    10000

  • registry_autostart_keyname

    Audio HD Driver

  • registry_hidden_autostart

    false

  • set_admin_flag

    false

  • tasksch_name

    Audio HD Driver

  • tasksch_request_highest_privileges

    false

  • try_other_autostart_onfail

    false

aes.plain

Signatures

  • Orcus family
    orcus
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 9b11d4f9dfe876e7fcc7f7266475ea0a743c1130a4ae65fb22c8469ecae8d726
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections